Npm · Serialize-To-Js · CVE-2017-5954
**Name of the Vulnerable Software and Affected Versions**
serialize-to-js version 0.5.0
**Description**
An issue in the serialize-to-js package allows untrusted data passed to the `deserialize()` function to be used for arbitrary code execution. The serialized input is evaluated rather than parsed as plain data, so a JavaScript Object that contains an Immediately Invoked Function Expression (IIFE) has that expression executed during deserialization. An attacker who controls the string passed to `deserialize()` can therefore supply a crafted payload and run code in the deserializing process.
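The following is an added example, not code from the advisory or from the serialize-to-js project. It assumes that `deserialize()` evaluates its input as JavaScript source (modelled here by `unsafeDeserialize()` so the example runs without the package installed) and contrasts it with a hardened `safeDeserialize()` that parses the input as JSON, where a function expression can only produce a `SyntaxError` rather than run; the `iifeRan` counter, `benign` and `withIife` are constructed inputs.

```javascript
// Added example; not part of the advisory or of serialize-to-js.
// Assumption: serialize-to-js's deserialize() treats its input as code.
// unsafeDeserialize() models that behaviour; safeDeserialize() is the
// hardened alternative. globalThis.iifeRan records whether embedded code
// was executed (new Function bodies see global scope, not module scope).
globalThis.iifeRan = 0;

function unsafeDeserialize(str) {
  // Eval-style deserializer: any expression in the input is executed.
  return new Function('return (' + str + ')')();
}

function safeDeserialize(str) {
  // Hardened form: JSON has no function syntax, so an IIFE cannot be
  // expressed and JSON.parse throws instead of running anything.
  // A reviver restores Date values from ISO-8601 strings, covering the
  // common reason people reach for a code-evaluating serializer.
  return JSON.parse(str, (key, value) =>
    typeof value === 'string' && /^\d{4}-\d{2}-\d{2}T[\d:.]+Z$/.test(value)
      ? new Date(value)
      : value);
}

// Constructed inputs: a plain serialized object, and one carrying an IIFE
// whose only effect is to bump the counter so execution can be observed.
const benign = '{"user":"alice","created":"2017-01-01T00:00:00.000Z"}';
const withIife =
  '{"user":(function(){ globalThis.iifeRan++; return "alice"; })()}';

function tryDeserialize(deserializer, input) {
  // Returns whether parsing succeeded, the value or error name, and
  // whether any embedded code ran, so both paths can be compared.
  const before = globalThis.iifeRan;
  try {
    const value = deserializer(input);
    return { ok: true, value, ran: globalThis.iifeRan !== before };
  } catch (e) {
    return { ok: false, error: e.name, ran: globalThis.iifeRan !== before };
  }
}
```

Running `tryDeserialize(safeDeserialize, withIife)` yields a `SyntaxError` with `ran: false`, while the eval-style path returns an object and reports `ran: true`, which is the behaviour the advisory describes.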
**Recommendations**
Update to version 1.0.0 or later, and review the author's disclaimer about the `deserialize()` function to understand when it can be used safely.